1. Field of the Inventions
The field of the invention relates generally to digital communications networks and more particularly to the management of a plurality of protocols over such networks including dynamic protocols such as “Instant Message” protocols.
2. Background Information
When a local computing device coupled to a local, or proprietary, network communicates with a remote computing device outside the network, the network can become subject to attempts at intrusion. Intrusion can, for example, be defined as someone trying to wrongfully access the network. Intrusion can also be defined as a program, such as a computer virus, attempting to wrongfully access resources available on the network. For example, a computer virus can be sent from a remote computing device to the local computing device, and if allowed to operate on the local computing device, can commandeer resources at the local computing device as well as other local resources, such as those available to the local computing device on the network or otherwise. For another example, a remote computing device can generate a set of messages in an attempt to deny service to, or otherwise have an effect on service at, the local computing device, such as preventing access by that local computing device to proper resources, or by preventing access by others to that local computing device.
In some cases, intrusion can be caused by messages directed at the network, while in other cases, intrusion can be caused by messages from inside the network, such as from a computing device within the network under the control of a computer virus or an employee using the network improperly. For example, a computing device within the network can be corrupted by a malicious user of that computing device, i.e., a user who is attempting to access local resources in a way that is not desired. A computing device can also be corrupted in a relatively innocent way, such as when a program is otherwise innocently introduced into a device having access to local resources, but where the program itself includes functions that attempt to access local resources in a way that is not desired.
It is therefore sometimes desirable to apply policy rules for handling messages in the network, particularly when those messages use a message protocol that might not be directed to business aspects of the network. For example, a number of message protocols have been developed recently that are primarily for personal use, but which often make their way into proprietary networks, such as enterprise networks, and which are subject to possible abuses. These message protocols include, for example, instant message (IM) protocols, peer-to-peer (P2P) and other file sharing protocols, interactive game protocols, distributed computing protocols, HTTP Tunneling, and “.NET” or “SOAP” methods of computer program interaction. Some of the possible abuses that can result from these message protocols entering the enterprise network include accidental delivery of a computer virus to a client device within the enterprise network, communication of sensitive or proprietary information between client devices within the enterprise network and client devices outside the enterprise network, and other unauthorized user behavior within the enterprise network.
Conventional methods of applying policy rules to messages in an enterprise network are directed primarily to relatively low-level message protocols such as TCP (transmission control protocol) and IP (Internet protocol). The protocols just described, however, typically are implemented at the higher levels of the TCP/IP protocol stack, as represented in the International Organization for Standardization (ISO) model. Often, in the interest of speed and finality, firewall servers, for example, are not very effective against message protocols that involve higher levels in the ISO model, or against message protocols that are relatively new to the enterprise network and therefore not anticipated by the firewall server. Moreover, many such protocols are being rapidly developed and modified, often more quickly than it is feasible to deploy new systems and methods for recognizing and intercepting those message protocols, and for enforcing policy rules thereto.